The concepts of Digital Identity, Digital Identifiers and Digital Identification are a set of complex topics with both philosophical and technical components that play a critical role in computer security, specifically through the process of access control. Digital identity, a subset of the traditional concept of identity, applies in virtually connected environments where the identifying attributes are not inherently linked to the owner of those attributes. This nuanced difference from the traditional concept of identity is likely responsible for the varying definitions of the identity-related concepts. Specifically, some definitions consider authentication and/or authorization activities to be contained within the process of identification; this combination is inappropriate because all three are in fact separate (albeit closely related) processes[1]. More precise definitions of digital identity consider digital identification as the process of "claiming" an identity, but not verifying those claims[2][3]. For example, an individual can claim to be a person of great importance, and such a claim would be an act of identification, whereas providing proof that such claims are valid is the act of authentication. This common misconception is likely due to differences in these processes when the concepts used in the physical world are inappropriately transferred to digital contexts. In the real world, a casual meeting with an old acquaintance would incorporate both identification and authentication (e.g. seeing his face identifies him and subsequently provides assurance that he is who you remember). Digitally, this inherent linkage between an entity and an attribute does not hold[4].

In one of the most common[5] implementations of access control, identification is the first step, and it is necessary for the remaining components, namely authentication and authorization[6].

Digital identification is an important concept in computer security in that it provides accountability.


Identity and identifiers

A digital identity is a representation of a unique entity (e.g. person, place or thing) within a specific context. Identity is often asserted through the use of an identifier, an attribute unique to the entity of interest within the specified domain[4][7], with usernames being the most commonly used identifier[5]. For example, a user may log in to their Wikipedia account with the username genericWikiEditor. Assuming that this user does not reuse their username, the username genericWikiEditor is only good within the context of Wikipedia, and attempts to log in to other locations with this identifier would be rejected. Thus, the context of an identifier is of critical importance[4]. Because digital identifiers are separate from the proof of identity[6], they are rarely secured (e.g. log-on procedures regularly obfuscate the password-based authentication procedures while leaving usernames in plaintext)[2].

Identification

While a digital identity represents a unique entity within a specific context, these contexts are likely to have many recorded identities. For a user to gain access to a restricted system, the first step of the process requires an assertion of identity, otherwise known as identification[2][3]. Identification is a critical component of overall computer security in that it provides a front line of defense against unauthorized access and provides mechanisms for enforcing accountability[8]. Identification is a necessary but not sufficient component in the process of access control; however, when coupled with an appropriate method of verification (e.g. authentication), it can provide additional benefits, namely an initial defense against identity theft[9].

Importance in computer security

Digital identity plays an important, albeit somewhat indirect, role in computer security; specifically, claiming an identity is not sufficient in digital contexts, but when coupled with authentication, it serves as a front line of defense against unauthorized access[3] and identity theft[9]. Once access has been granted (answering the question "who are you?"), identity plays an important role in the process of authorization (answering the question "what are you allowed to do?")[citation needed].
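The separation described above can be made concrete with a small sketch. This is an added example, not part of the original article; the `System` class, its method names and the sample accounts are hypothetical. It keeps identification (an unverified claim scoped to one context), authentication (proof of the claim) and authorization (permitted actions) as three distinct steps, and records each against the identifier for accountability.

```python
import hashlib
import hmac
import os

def _verifier(password, salt):
    # Salted PBKDF2; the iteration count here is illustrative only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class System:
    """One context (domain) with its own identifiers; all names are hypothetical."""

    def __init__(self, context):
        self.context = context
        self.accounts = {}  # identifier -> (salt, verifier, allowed actions)
        self.audit = []     # accountability trail: (context, identifier, step, result)

    def register(self, identifier, password, actions):
        salt = os.urandom(16)
        self.accounts[identifier] = (salt, _verifier(password, salt), frozenset(actions))

    def identify(self, claimed):
        # Identification: an unverified claim, only looked up within this context.
        known = claimed in self.accounts
        self.audit.append((self.context, claimed, "identification", known))
        return known

    def authenticate(self, claimed, password):
        # Authentication: proof that the claim is valid.
        salt, stored, _ = self.accounts[claimed]
        ok = hmac.compare_digest(_verifier(password, salt), stored)
        self.audit.append((self.context, claimed, "authentication", ok))
        return ok

    def authorize(self, identifier, action):
        # Authorization: what the verified identity is allowed to do.
        ok = action in self.accounts[identifier][2]
        self.audit.append((self.context, identifier, "authorization", ok))
        return ok

    def request(self, claimed, password, action):
        """Run the three steps in order; return the first step that fails, or 'granted'."""
        if not self.identify(claimed):
            return "identification"
        if not self.authenticate(claimed, password):
            return "authentication"
        if not self.authorize(claimed, action):
            return "authorization"
        return "granted"

# Constructed sample data: the identifier exists in one context only.
wiki = System("wiki")
wiki.register("genericWikiEditor", "constructed-passphrase", {"edit"})
other = System("other-site")
```

Returning the name of the failed step is for illustration only; a real login response would not tell the caller whether the identifier or the proof was rejected.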

Footnotes

  1. (Hovav & Berger 2009, Pg. 532)
  2. (Adams et al. 1997, Pg. 2)
  3. (Zviran & Elrich 2006, Pg. 91)
  4. (Camp 2004, Pg. 35)
  5. (Zviran & Haga 1993, Pg. 227)
  6. (Zviran & Elrich 2006, Pg. 90)
  7. (Smith 1987)
  8. (Bhargav-Spantzel et al. 2006, Pg. 2)
  9. (Way & Yuan 2009, Pg. 2)

Works Cited

  • Adams, A.; Sasse, M.; Lunt, P. (1997). "Making Passwords Secure and Usable". People and Computers. 12: 1–20.
  • Bhargav-Spantzel, A.; Squicciarini, A.; Bertino, E. (2006). "Establishing and Protecting Digital Identity in Federation Systems". Journal of Computer Security. 14 (3).
  • Camp (2004). "Digital Identity". IEEE Technology and Society Magazine. 23 (3): 34–41.
  • Hovav, A; Berger, R (2009). "Tutorial: Identity Management Systems and Secured Access Control". Communications of the Association for Information Systems. 25 (1): 531–570.
  • Smith, S (1987). "Authenticating Users by Word Associations". Human Factors and Ergonomics Society: 135–138.
  • Way, S.C.; Yuan, Y (August 6th-9th). Criteria for Evaluating Authentication Systems. Americas Conference on Information Systems.
  • Zviran, M; Elrich, Z (2006). "Identification and Authentication: Technology and Implementation issues". Communications of the Association for Information Systems. 17 (1): 90–105.
  • Zviran, M; Haga, W (1993). "A Comparison of Password Techniques for Multilevel Authentication Mechanisms". The Computer Journal. 36 (3): 227.